Coolwebsearch Revisited

Discussion in 'Malware Help (A Specialist Will Reply)' started by tomeister, Jun 26, 2008.

  1. tomeister

    tomeister Private E-2

    This is an interesting subject indeed! And I have been wondering about the fact that when I do a scan with AVG, it comes up with a couple hundred (at minimum) references of COOLWEBSEARCH! AVG does not report this find as a virus or Trojan, it is however reported as a warning, but as most of us know, Coolwebsearch is a definitely known as malware or spyware! :cry

    Your typical arsenal of Viral and Spy Ware programs designed to remove such an annoyance will do it's job (only if you happened to download a program or Tool Bar directly associated with Cool Web Search!) :cool

    I've cleaned this crap out of my registry twice now and it just comes back! In conclusion, my opinion is left to the fact that this crap has become part of the Internet itself!
    (See link to ZD Net) http://ct.zdnet.com/clicks?t=62017583-b8500ee7bdeb07476563f6cfe0bbefad-bf&brand=ZDNET&s=5

    Every time you get on the web with whatever browser you're using, this stuff is going on in the background completely unseen and unknown. Food for your Registry! :drool
    See attached file CoolReg.jpg. This shows a fraction of what goes in your registry file!

    For now I'll not edit my registry anymore to clean the Cool Web Search crap out of there. Also when I have done it in the past I end up with 32kb of bad sectors on the hard drive. Stay away from the toolbar toys folks.
    :major
    Tom
     

    Attached Files:

    tomeister, Jun 26, 2008
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your assessment is most likely incorrect.

    You need to tell us the exact and full registry key. Your snapshot does not give complete information. Odds are that you are just being falsely warned about things being added to your registry to protect you and that this is just another bug to add to the list of AVG8 (I assume you have AVG8) problems.

    I suspect that the registry key will be something like the below:

    HKEY_USERS\S-1-5-21-3491445392-2915240138-1478725111-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.biz

    But your S-1-5-....... etc number will be different. If it is like the above then look at the values under this key and if the value name * had a value of 4, then this site has been added to your Restricted Zone to protect you. Program like Spybot (and many others) do this to protect you. If you already edited the registry, you may not be seeing the values I'm referring to so re-run Spybot and re-Immunize then also re-run SpywareBlaster and apply all protection. Then check the values again.
     
    Last edited: Jun 26, 2008
    chaslang, Jun 26, 2008
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds